armistace/pr_reviewer
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

updated readme

Browse Source
This commit is contained in:
Andrew Ridgway 2026-05-21 21:06:42 +10:00
parent a34a3c3a67
commit 77c335a4e9
Signed by: armistace
GPG Key ID: C8D9EAC514B47EF1
1 changed files with 83 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
README.md
View File

@ -2,7 +2,7 @@
Automated pull request review system using [CrewAI](https://crewai.com) Flows and MCP (Model Context Protocol) tools.
Performs three parallel reviews — code quality, security, and infrastructure — then synthesizes a consolidated report via a REST API.
Performs three parallel reviews — code quality, security, and infrastructure — then synthesizes a consolidated report via a REST API. Supports both a direct API and a Gitea webhook integration that fetches diffs automatically and posts the review as a PR comment.
## Features
@ -10,32 +10,10 @@ Performs three parallel reviews — code quality, security, and infrastructure
- **Security Review** — vulnerabilities, injection risks, auth issues (powered by Trivy)
- **Infrastructure Review** — Dockerfiles, Kubernetes manifests, IaC (powered by Hadolint + Checkov)
- **Summarisation** — merges all three reviews into a single actionable report
- **REST API** — FastAPI endpoints for health check and review trigger
- **REST API** — FastAPI endpoints for health check, manual review trigger, and Gitea webhook
- **Gitea Webhook** — process PR events directly; fetches diffs, runs reviews, posts results as a PR comment
- **Dockerized** — multi-stage build with all tools bundled
## Architecture
```
POST /api/v1/review
CodeReviewFlow (CrewAI Flow)
┌────┼──────────────┐
▼ ▼ ▼
Code Security Infra
Review Review Review
│ │ │
└─────┼────────────┘
Summariser
JSON Response
```
LLM-agnostic via CrewAI's LLM abstraction — works with OpenAI, Anthropic, or Ollama.
## Quick Start
### Prerequisites
@ -85,6 +63,34 @@ curl -X POST http://localhost:8000/api/v1/review \
}'
```
## Architecture
```
POST /api/v1/review POST /api/v1/gitea-webhook
│ │
│ Gitea webhook payload
│ │
│ fetch diffs from
│ Gitea API
│ │
▼ ▼
CodeReviewFlow (CrewAI Flow)
┌────┼──────────────┐
▼ ▼ ▼
Code Security Infra
Review Review Review
│ │ │
└─────┼────────────┘
Summariser
JSON Response / PR Comment
```
LLM-agnostic via CrewAI's LLM abstraction — works with OpenAI, Anthropic, or Ollama.
## API
### `GET /api/v1/health`
@ -97,7 +103,7 @@ Returns service status.
### `POST /api/v1/review`
Triggers a full PR review.
Triggers a full PR review. Provide file contents and diffs directly in the request body.
**Request body:**
@ -144,6 +150,42 @@ Triggers a full PR review.
}
```
### `POST /api/v1/gitea-webhook`
Receives Gitea webhook events. Only processes `pull_request` events with actions `opened`, `synchronize`, or `reopened`. All other events and actions are ignored.
The endpoint:
1. Validates the `X-Gitea-Signature` header using HMAC-SHA256 (if `ACCESS_GITEA_SECRET` is configured)
2. Fetches changed files and their contents from the Gitea API
3. Runs the full review pipeline (code, security, infrastructure, summariser)
4. Posts the review summary as a comment on the PR via the Gitea API
## Gitea Webhook Setup
### 1. Create an access token
In your Gitea instance, go to **Settings → Applications → Generate New Token** and create a token with `read:repository` scope.
### 2. Add the webhook
In your Gitea repository, go to **Settings → Webhooks → Add Webhook → Gitea**:
- **Target URL**: `http://<host>:30001/api/v1/gitea-webhook`
- **HTTP Method**: `POST`
- **Secret**: a random string (optional but recommended)
- **Trigger On**: Pull Request
### 3. Configure environment variables
Set the following in the container (or k8s secret):
| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `ACCESS_GITEA_URL` | yes | `http://192.168.178.160:3000` | Gitea instance base URL |
| `ACCESS_GITEA_TOKEN` | yes | — | Gitea personal access token with `read:repository` scope |
| `ACCESS_GITEA_SECRET` | no | `""` | Webhook secret; if set, signatures are validated |
## Configuration
All configuration via environment variables in `.env`:
@ -154,10 +196,23 @@ All configuration via environment variables in `.env`:
| `LLM_PROVIDER` | (required) | `openai`, `anthropic`, or `ollama` |
| `LLM_BASE_URL` | — | API base URL |
| `LLM_API_KEY` | — | API key (not needed for Ollama) |
| `ACCESS_GITEA_URL` | `http://192.168.178.160:3000` | Gitea instance base URL |
| `ACCESS_GITEA_TOKEN` | — | Gitea personal access token with `read:repository` scope |
| `ACCESS_GITEA_SECRET` | — | Webhook secret for HMAC-SHA256 signature verification |
| `TOTAL_FLOW_TIMEOUT` | `600` | Max seconds for full review |
| `PER_CREW_TIMEOUT` | `300` | Max seconds per crew |
| `LOG_LEVEL` | `INFO` | Logging level |
## Deployment
### Kubernetes
The repo includes a CI pipeline (`.gitea/workflows/build_push.yml`) that builds a multi-arch Docker image, pushes it to the registry, and deploys to Kubernetes.
The k8s deployment uses a NodePort service exposing port 30001, which maps to the container's port 8000.
Environment variables are stored in a k8s secret (`pr-reviewer-env`). The CI pipeline creates this secret automatically — add `ACCESS_GITEA_URL`, `ACCESS_GITEA_TOKEN`, and `ACCESS_GITEA_SECRET` as Gitea repo variables/secrets.
## Development
```bash
@ -179,12 +234,13 @@ uvicorn src.pr_reviewer.main:app --reload
├── crews/ # Crew definitions (code, security, infra, summariser)
├── mcp_servers/ # MCP tool wrappers (Hadolint, Checkov)
├── src/pr_reviewer/ # Core application code
│ ├── main.py # FastAPI app
│ ├── main.py # FastAPI app, endpoints, webhook handler
│ ├── flow.py # CrewAI Flow orchestration
│ ├── state.py # Pydantic state models
│ ├── llm.py # LLM factory
│ └── context.py # Context resolution
├── tests/ # Unit and integration tests
├── kube/ # Kubernetes manifests
├── docker-compose.yaml
├── Dockerfile
└── pyproject.toml